#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <akashi.tkhro@gmail.com> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <kojima.masahisa@socionext.com> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
b106961c |
|
14-Dec-2023 |
Tom Rini <trini@konsulko.com> |
global: Restrict use of '#include <linux/kconfig.h>' In general terms, we -include include/linux/kconfig.h and so normal U-Boot code does not need to also #include it. However, for code which is shared with userspace we may need to add it so that either our full config is available or so that macros such as CONFIG_IS_ENABLED() can be evaluated. In this case make sure that we guard these includes with a test for USE_HOSTCC so that it clear as to why we're doing this. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f65ee99b |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for setting OEM flags in capsule header Add support for setting OEM flags in the capsule header. As per the UEFI specification, bits 0-15 of the flags member of the capsule header can be defined per capsule GUID. The oemflags will be used for the FWU Multi Bank update feature, as specified by the Dependable Boot specification[1]. Bit 15 of the flags member will be used to determine if the acceptance/rejection of the updated images is to be done by the firmware or an external component like the OS. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
625d933e |
|
15-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: remove duplicated code That code is mistakenly duplicated due to copy-and-paste error. Just remove it. Fixes: CID 348360 Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d9612f44 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: allow for specifying GUID explicitly The existing options, "--fit" and "--raw," are only used to put a proper GUID in a capsule header, where GUID identifies a particular FMP (Firmware Management Protocol) driver which then would handle the firmware binary in a capsule. In fact, mkeficapsule does the exact same job in creating a capsule file whatever the firmware binary type is. To prepare for the future extension, the command syntax will be a bit modified to allow users to specify arbitrary GUID for their own FMP driver. OLD: [--fit <image> | --raw <image>] <capsule file> NEW: [--fit | --raw | --guid <guid-string>] <image> <capsule file> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
6bbe12f6 |
|
05-Feb-2022 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools: mkeficapsule: dont use malloc.h malloc() functions are declared via stdlib.h. Including malloc.h can lead to build errors e.g. on OS-X. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
9e63786e |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: rework the code a little bit Abstract common routines to make the code easily understandable. No functional change. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
|
#
df1ce60f |
|
17-Jan-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: output messages to stderr instead of stdout All the error messages should be printed out to stderr. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
18cfbbba |
|
07-Oct-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
Revert "Revert "mkeficapsule: Remove dtb related options"" This reverts commit d428e81266a59974ade74c1ba019af39f23304ab. We have agreed with removing dtb-related stuff from mkeficapsule command even if the commit 47a25e81d35c ("Revert "efi_capsule: Move signature from DTB to .rodata"") was applied. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d428e812 |
|
02-Aug-2021 |
Simon Glass <sjg@chromium.org> |
Revert "mkeficapsule: Remove dtb related options" This reverts commit f86caab058ff062ce72b24cd1ab9ec1253cc1352. Signed-off-by: Simon Glass <sjg@chromium.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
f86caab0 |
|
17-Jul-2021 |
Ilias Apalodimas <ilias.apalodimas@linaro.org> |
mkeficapsule: Remove dtb related options commit 322c813f4bec ("mkeficapsule: Add support for embedding public key in a dtb") added a bunch of options enabling the addition of the capsule public key in a dtb. Since now we embedded the key in U-Boot's .rodata we don't this this functionality anymore Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
21640636 |
|
08-Apr-2021 |
Heinrich Schuchardt <xypron.glpk@gmx.de> |
tools/mkeficapsule: improve online help Show short arguments along with long arguments in online help: $ tools/mkeficapsule -h Usage: mkeficapsule [options] <output file> Options: -f, --fit <fit image> new FIT image file -r, --raw <raw image> new raw image file -i, --index <index> update image index -I, --instance <instance> update hardware instance -K, --public-key <key file> public key esl file -D, --dtb <dtb file> dtb file -O, --overlay the dtb file is an overlay -h, --help print a help message Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
ad09004a |
|
07-Feb-2021 |
Simon Glass <sjg@chromium.org> |
mkeficapsule: Correct printf() strings Use %z when printing size_t values. This avoids errors on 32-bit machines. Signed-off-by: Simon Glass <sjg@chromium.org> Use a conversion to size_t for printing stat.st_size. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
95cacc86 |
|
20-Feb-2021 |
Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> |
tools/mkeficapsule.c: fix DEBUG build Fix a missing comma sign (,) from a printf(), that is only reachable if DEBUG is defined, in which case the build fails with: tools/mkeficapsule.c:266:36: error: expected ‘)’ before ‘bin’ 266 | printf("\tbin: %s\n\ttype: %pUl\n" bin, guid); | ^~~~ | ) Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
d33f3181 |
|
22-Jan-2021 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Miscellaneous fixes in the utility Miscellaneous fixes in the mkeficapsule utility -- these include a few resource leak issues flagged by Coverity along with some additional code improvements suggested by Heinrich during code review. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
f7cd8b7b |
|
21-Jan-2021 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: fill reserved members of structure Fill reserved members of efi_firmware_management_capsule_image_header structure with zero's for safety. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Fixes: CID 316354 Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
322c813f |
|
30-Dec-2020 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for embedding public key in a dtb Add options for embedding the public key esl(efi signature list) file to the platform's dtb. The esl file is then retrieved and used for authenticating the capsule to be used for updating firmare components on the platform. The esl file can now be embedded in the dtb by invoking the following command mkeficapsule -K <pub_key.esl> -D <dtb> In the scenario where the esl file is to be embedded in an overlay, this can be done through the following command mkeficapsule -O -K <pub_key.esl> -D <dtb> This will create a node named 'signature' in the dtb, and the esl file will be stored as 'capsule-key' Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
|
#
450596f2 |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
test/py: efi_capsule: test for FIT image capsule The test can run on sandbox build and it attempts to execute a firmware update via a capsule-on-disk, using a FIT image capsule, CONFIG_EFI_CAPSULE_FIT. To run this test successfully, you need configure U-Boot specifically; See test_capsule_firmware.py for requirements, and hence it won't run on Travis CI, at least, for now. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|
#
fab430be |
|
30-Nov-2020 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: add mkeficapsule command for UEFI capsule update This is a utility mainly for test purpose. mkeficapsule -f: create a test capsule file for FIT image firmware Having said that, you will be able to customize the code to fit your specific requirements for your platform. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
|